(April 29, 2021) On March 2, 2021, Microsoft issued emergency security updates for Exchange Server 2019, 2016, 2013, and even the unsupported 2010 version. The move came in response to a series of zero-day attacks that compromised hundreds of thousands of Exchange email servers. This raises the question: do you need the risks and headaches of an on-premises email server?
Cloud-based email services such as Microsoft 365 were not affected by the threats. Although cloud email customers are still responsible for protecting user accounts and backing up cloud data, they no longer have to worry about applying patches or upgrading their email server when new versions are introduced. By migrating their on-premises email systems to the public cloud, organizations benefit from the robust security controls integrated into the cloud provider’s infrastructure.
Advanced Persistent Threats
Exchange email servers worldwide were attacked by a group of advanced persistent threats (APTs) known collectively as ProxyLogon. The APTs allow attackers to bypass access controls and open a “back door” in Exchange Server that can be accessed from any web browser. Attackers can then gain administrator privileges on the server, enabling them to install software and execute commands.
The ProxyLogon APTs have been used to access email accounts, launch ransomware attacks, and install web shells that give attackers long-term access to the victim’s email server. Potentially, attackers could use Exchange Server as an entry point to obtain high-level access to the rest of the network.
Microsoft reports that more than 90 percent of customers have implemented the patch. However, that leaves an estimated 30,000 on-premises Exchange Servers unprotected. Worse, the patch doesn’t prevent ongoing attacks if the server was compromised before it was updated. Cybersecurity experts worry that these attacks could still be going on in the background, placing sensitive data at risk.
Vulnerabilities in On-Prem Systems
The Microsoft Threat Intelligence Center has attributed the attacks to the Chinese state-sponsored group HAFNIUM, although other malicious actors have been taking advantage of the exploit. In fact, automated attack scripts have been made publicly available, enabling unskilled hackers to gain remote control of vulnerable Exchange Servers.
It’s the latest in a long line of threats that have affected on-premises email servers. Microsoft acknowledges that Exchange Server is a preferred target of hackers, who can exploit it to gain a foothold in a compromised network. Outlook Web Access, which enables users to access their email via the Internet, is particularly vulnerable.
On top of that, many organizations struggle to keep their email infrastructure up to date and patched. Microsoft extended the end-of-support date for Exchange Server 2010 to Oct. 13, 2020, giving customers more time to migrate. However, this legacy version of Exchange is still widely deployed.
Safety in the Cloud
Cloud-based email solutions are maintained by the service provider. Most utilize advanced security features that many on-premises environments lack. What’s more, moving email to the cloud relieves organizations of the responsibility of maintaining the underlying IT infrastructure, and the solution will readily scale to support growing numbers of users.
Email is one of the “low-hanging fruit” for cloud migration. Few organizations need highly customized email platforms, making cloud email suitable for most use cases. Cloud email services are mature and generally compliant with government and industry regulations. In some cases, organizations may be required to keep a few mailboxes on-premises, in which case a hybrid environment can be beneficial.
A managed services provider (MSP) with expertise in cloud solutions can help organizations plan and implement a cloud email migration, and manage the cloud platform long-term. If a hybrid environment is required, the MSP can monitor and manage the on-premises systems utilizing a layered security approach to protect against threats.
Organizations should take the threats posed to Microsoft Exchange email servers seriously. Widely publicized and easily exploited vulnerabilities can put the entire IT infrastructure at risk. Don’t allow Exchange Server to become a blind spot in your security strategy. Carefully consider this high-profile attack vector in your risk assessment.
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region, including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.
Jeff Pracht
IT Business Development Manager